Check out PPC Hero’s Ultimate Guide to How to Detect Click Fraud

In all industries, we’ve seen a dramatic rise in cybercrime over the past two years as more people join the remote workforce and engage in business online. Mobile ad fraud is piggybacking.

Because mobile ad fraud can be so well-disguised within legitimate data, it’s difficult to say exactly how widespread it is. Estimates on fraud loss range from $6.5 billion a year to $19 billion.

Fraudsters are in a constant arms race against platforms like Google trying to stamp them out on their platforms. Often they’re moving faster than the good guys. But if they know what to look for, marketers can protect themselves and prevent ROI setbacks for their companies.


What is Mobile Ad Fraud?

Mobile ad fraud covers a wide range of activities. All exploit smartphones to drain money from marketing budgets using illegitimate tactics. These include click and bot fraud, invalid ad traffic, domain spoofing, and fake installs.

The effects of this aren’t just financial. They don’t just affect single companies or marketing campaigns. If it isn’t caught early, the phony data created by mobile ad fraud affects marketers’ data-driven decision-making. In turn, this affects the income of publishers who distribute the ads. It can even affect supply chain flows as inventory management systems are sensitive to real-time consumer data.

Mobile ad fraud is particularly bad in the Asia and Pacific Islands region. They suffered 60% of global exposure to mobile ad fraud in 2020 despite increasingly successful efforts by marketers to combat it.

Many of these countries “leapfrogged” the personal computing era for various reasons. So over the past decade, they’ve added more smartphone users than anywhere else in the world.

These are “mobile-first” countries where a person’s smartphone is their primary computing device. The mobile economy is more valuable there than in the rest of the world. For example, South Korea was the first country to introduce 5G to enterprise telephone systems in 2018, and the first country to provide 5G nationwide in 2019.

As the world catches up with them, it’s more urgent than ever that marketers are vigilant about mobile ad fraud. If they aren’t proactive now, the problem could simply move from one region to another.

How does it work?

Mobile ad fraud comes in many forms. With increasingly advanced technology, fraudsters are innovating at the speed of any startup. Some common tactics include the points highlighted below.

Click spam

Fraudsters run warehouses full of smartphones packed side-by-side on shelves and running 24/7. Often the phones are being run from a computer that does all the clicking automatically. But sometimes there is staff clicking the same button on dozens of phones at a time.

Invalid ad traffic

Any number of bots can produce invalid ad traffic, not all of them fraudulent. SEO web crawlers quantify web analytics all the time. The bots aren’t tied to a specific device or IP, which makes them hard to block, but they’ll usually show up in the “unknown” section of your web analytics.

Domain spoofing

The fraudster sells placement on a better site than they have, warranting a higher cost per impression or click. This could be anything from someone impersonating an ae registration for ads in the UAE to impersonating a well-known publisher’s site.

Ad stacking

This is a simple trick where multiple adverts are displayed on top of each other, the user only seeing the one at the top of the “stack”. The fraudsters have some very legitimate-looking data to back up their claim that your ad got lots of impressions.

SDK spoofing

In recent years, hackers have started doing “SDK spoofing”, a more advanced method of click spam where they break into the apps’ code and can notify the app developer of any number of fake installations. The fraudsters don’t need to perform many fake installs before they’re producing some great conversion rates on your ads.

How can you prevent ROI setbacks?


A lot can be done to catch and prevent mobile ad fraud with careful data analysis and by breaking down communication silos

For a start, you should carefully review the analytics data you’ve been collecting. Look at the impressions and clicks for your campaigns at every step of the funnel. Also, check the clicks and impressions for specific user segments and sources of traffic.

An extremely high or low clickthrough, conversion, or retention rate at any step could be a sign that something’s not right. 

A very low conversion rate percentage could be a sign of an inflated clickthrough rate. If you’re marketing a mobile app, an extremely low average click-to-install time (CTIT) could be a sign of install hijacking. A very high CTIT could be a sign of click spam.

Social media marketers don’t own their analytics data, making them vulnerable to mobile ad fraud. If you’re running a social campaign, lessen your exposure to fake traffic by limiting your ad’s reach to narrowly-defined target audiences. Keep an eye out for specific IPs arriving at your site and exclude any that look suspicious so they can’t skew your data.

Ideally, your marketing team should have one person responsible for fraud prevention. This creates a focus on prevention and accountability if fraudsters do slip through the net.

You also allow this one team member to specialize, acquiring a deep technical knowledge of mobile ad fraud and what tools can help you catch it. Over time, they’ll understand how to interrogate your analytics data better than anyone else can and ask questions nobody was thinking of. This is due, mainly to the fact, that there are no true experts in the field. 

Finally, mobile ad fraud prevention should be a collaborative effort. For a start, you should insist upon access to your partners’ own analytics when you’re talking about a deal. Ask them how they’re collecting that data – what “a conversion” means to them – and what they’re doing to combat mobile ad fraud on their side of the arrangement.

Working Together to Prevent Ad Fraud

If marketers, publishers, and platforms around the world can work together, there’s a lot they can do to stamp out mobile ad fraud. In 2020 Google banned 600 apps in one fell swoop from their Google Play Store. An increased social norm of scrutinizing data will build trust amongst marketers and publishers.